Autor: Kevin P. Fleming Fecha: A: Dr Andrew C Aitchison Cc: exim-users Asunto: Re: Getting OT Re: [Exim] Recommendations for virus scanning/content filtering?
----- Original Message -----
From: "Dr Andrew C Aitchison" <A.C.Aitchison@???>
<snip>
> You want to test the *name* of the attachment not the content.
> Windows only checks the name before it runs the script, so verification
> would leave a hole for an attacker (think of those scripts which are valid
> in several languages :-).
>
Actually, I _do_ want to test the content, and care not at all about the
name. The reason that so many of these things get through the system filter
as that they're always finding new ways to use names noone expects... new
extensions that Windows will execute, or whatever. OTOH, the contest always
has to be something Windows recognizes as executable, and there aren't that
many varieties that qualify.
If this was changed to actually inspect the content of the file, then the
whole issue of new extensions popping up (especially with new Windows
releases right around the corrner) goes away. Yes, Windows checks the name,
but only to see if the file "should" be executable. If you take any old
random text file and rename it with an .exe, .com, .vbs or whatever
extension, you'd be able to double-click it to run it, but Windows would
immediately report that the file was not executable.